This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft's 'Project Bali' Wants to Let You Control Your Data

Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.

Microsoft Research reportedly has a new offering in the works intended to improve users' privacy by giving them greater control over the information it collects about them.

The tool, codenamed Project Bali, currently appears to be in private beta testing. It was mentioned in a tweet on Jan. 2 by Twitter user Longhorn, who called it "a project that can delete your connection and account information (inverseprivacyproject)." ZDNet's Mary Jo Foley found a link to Bali's project page, which lets users sign in or request codes to gain access.

While no longer available at the time of this writing, the page for Project Bali describes it as a "new personal data bank which puts users in control of all data collected about them… The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data," ZDNet reports.

'Inverse Privacy'

As indicated in Longhorn's tweet, Bali is founded on the idea of "Inverse Privacy," the subject of a 2014 paper developed by former Microsoft Research employees Yuri Gurevich, Efim Hudis, and Jeannette Wing. All were part of the research team at the time their paper was written.

According to the concept of inverse privacy, information is inversely private if another party has access to it but you do not. Meanwhile, directly private data is accessible to you and nobody else; and partially private data is accessible to you and a limited number of parties, the researchers explain.

The different organizations you interact with – your employer, township, doctor, grocery store – have legitimate reasons for collecting inversely private information (receipts, prescriptions, etc.). Over time, technology has allowed them to record and store that information better than you would. As a result, more of your data has become inversely private, yet difficult to access.

"Your inversely private information, whether collected or derived, allows institutions to serve you better," researchers argue. "But access to that information – especially if it were presented to you in a convenient form – would do you much good."

This type of data access would allow its owners to correct possible errors and gain a better idea of various health and lifestyle metrics so they can make improvements where they see fit, they continue. Researchers note that in some cases, the inaccessibility of inversely private data can be justified to protect the privacy of other people and protect the interests of organizations.

However, they add, these cases are relatively few. In most situations, people would be better off with access to the information companies have on them. Further, they say it's in businesses' interests to share data: people want to work with companies that value transparency.

"We argue that there are numerous scenarios where the chances to hurt other parties by providing you access to your data are negligible," they write. The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Why should Micro$oft collect data about me? I consider most of my stuff to be MY STUFF (apologies to the late, great George Carlin). It belongs to me and for them to TAKE IT ----- and gee, ain't this nifty. Let me control what they take. Wow. I am impressed NOT.

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .